SEARCH RESULTS
 
Showing 1-10 of 342 records
 
Audit/Monitor Controls or Audit/Monitor BEFORE Control?

2008-02-28 11:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
...controls after you put them in place; you monitor after you have authentication and authorization taken care of and you detect the violations after you organized your administration. The paper even had the following picture, which is presented here to illustrate the point (source: Forrester paper named above). The paper clarifies: "With people...
 
 
 
 
 
Unencrypted/Unauthenticated Wireless Control Systems Are a Very Bad Idea

2008-01-11 20:33:14 by Chris Wysopal in Zero in a bit
 
A Polish teenager derailed a tram after building his own remote control to hack the control system. Best quote: "Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit."
 
 
 
 
 
The role of control depth in assessment quality

2007-09-12 12:17:00 by Bryan in practical risk management
 
...control... there was no insight into the underlying quality of the control and whether it had actual value. If you want to check boxes, surface audits are fine. But if you want to understand your true security exposure, you have to dig deeper. It's not enough to ask whether regular backups are taken and stored offsite. You have to ask how...
 
 
 
 
 
Windows Integrity Control (WIC) in Vista

2008-04-01 10:39:15 by Joel Scambray, Hacking Exposed Windows in WhatIs: Enterprise IT tips and expert advice
 
BitLocker and User Account Control have gotten lots of hype as new security features in Vista. But what about Windows Integrity Control? Learn about WIC in this excerpt from Hacking Windows Exposed: Microsoft Windows Security Secrets and Solutions.
 
 
 
 
 
The physical access control project planner

2008-04-30 00:00:00 in Network World on Security
 
...control systems. Looking especially at the full cycle of implementation from the end-user's standpoint, this primer highlights the important and often unforeseen issues that frequently accompany access control projects. Planning for these common issues frequently translates into saved time, resources, and investment, whereas a lack of...
 
 
 
 
 
RBAC Standard Rationale: Comments on "A Critique of the ANSI Standard on Role-Based Access Control"

2008-01-07 09:15:52 by Editor in IEEE Security and Privacy
 
As the authors of the original proposal for the role-based access control (RBAC) standard and developers of the models from which it derives, the authors respond here to Ninghui Li, Ji-Won Byun, and Elisa Bertino's critique, which also appears in this issue. This is an opportune time in the revision cycle to introduce proposals for changes to...
 
 
 
 
 
What Constitutes A $7B Control Failure?

2008-01-25 16:01:33 by Chris McClean in Security & Risk Management
 
...controls were adequately tested and did not fail. There will certainly be much more to follow on this story. From initial coverage, it seems that the bank had enforced proper trade limits for this employee, and the control failure occurred when he was able to circumvent security systems and escalate his trading privileges. As organizations...
 
 
 
 
 
New password-control security features for i5/OS VR61

2008-02-18 16:45:01 by Rich Loeber, Contributor in WhatIs: Enterprise IT tips and expert advice
 
The new version of i5/OS for System i includes three notable new password-control security features. Here we outline the new V6R1 system values and their potential for enhancing system security.
 
 
 
 
 
Bejtlich in Access Control and Security Solutions Magazine

2008-03-10 10:47:00 by Richard Bejtlich in TaoSecurity
Sandra Kay Miller interviewed me for the July 2007 issue of Access Control and Security Solutions magazine, but I forgot about it until now. The interview describes my security experiences and my thoughts on working at GE. Copyright 2003-2008 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)